Disable the PG_MSGProt.exe service?

I have nothing configured within Process Guard to use WM_CLOSE handling. So, I don't need PG_MSGProt.exe, and don't want it using memory and CPU time unnecessarily.

However, I realize that whether or not I need PG_MSGProt.exe personally has no bearing on whether or not Process Guard needs it. Can I hack this service into disabled mode, without wreaking havoc? (I realize that Process Guard tries to prevent the service from becoming disabled, but there are of course ways around that.)

If you're not using any Close Message Handling protection, then yes, you should be OK to not use PG_Msgprot.exe. I haven't tried this, but it should work:
- From inside PG, Disable All Protection (it's literally like an On/Off switch)
- Then close PG, so that procguard.exe is no longer running
- Now, terminate PG_Msgprot.exe using a tool such as Task Manager or our own APT.
- Then, rename PG_Msgprot.exe to something else (PG_Msgprot.bak for example)

Thank you, Wayne! I found that I was able to disable the PG_MSGProt.exe service after disabling protection and closing procguard.exe. If I find out that Jason has sneaky code in there to automatically re-enable the service, I'll rename the file itself as you suggest. The heart of the question was "Is it safe...?" and you answered that.

But I did answer the question you asked. The command (net stop) uses a local EXE. It can be "forced from the outside" or invoked just like any other EXE on your system could: by way of a malware file you run, or by a remote-access trojan.

You shouldn't be so quick to expect the "net stop" command to work. It can be disabled (for example, KAV won't let you do it).

I thought the beta testers were referring to procguard.sys (which can't be stopped, even with net stop, etc.). I will add this also to PG_MSGProt.exe so it cannot be stopped unless protection is disabled for v1.250. PG_Msgprot protection isn't THAT vital, compared to the driver, so it isn't that big an issue security-wise.